It does appear that this specific issue gets around that setting, so I added information about PHP which should fix it.

As to whether or not this is a problem you have to ask yourself: is it a problem that someone knows the path to my document root. This is only a problem if you have a second vulnerability that makes this important such as (but not limited to) an arbitrary php execution or arbitrary file upload issue, but in those cases you should focus on fixing those vulnerabilities.